Backdoor:Win32/Caphaw.A is "a sophisticated firewall-bypassing backdoor armed with almost everything. It installs an FTP server, a proxy server, and a keylogger on the computer. It also has built-in remote desktop functionality based on the open source VNC project. We received a report that a user found this in his computer and also discovered that money had been transferred from his bank account by an unknown party. The keylogging component, coupled with the remote desktop functionality, makes it entirely possible for this to have happened.

The backdoor "calls home" to domains such as commonworld<removed>.cc or web<removed>es.cc to get the data that it posts on the friends' Facebook walls. Its main module, in the meantime, is hosted on <removed>youtube.com".